[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Archive signing key for 2007?

On Thursday 15 February 2007 13:44, Goswin von Brederlow wrote:
> > This includes my (partial) local mirror. Let's just say that this
> > would seriously impact my work on D-I and the release.
> Slightly off the topic but does that (still) work fine for you?

Yes, debmirror works fine here. Apparently they stopped using the old key 
in time.

> I heard reports that D-I won't install from the netboot/busybox medium
> if the signature can't be verified.
> It would be very bad if the key expirey breaks D-I in the future.

This has been "solved" by changing from using yearly keys to using release 
keys. It is just that RC1 did not contain the release key yet.
So this should not be an issue in the future as long as release keys don't 
get revoked (but then things _should_ break and new images with new keys 
made available anyway).

I see the Etch key is valid only until 01 July 2009, so after that date 
this _will_ be a problem. By then Etch should hopefully be "oldstable", 
but having a working installer for oldstable is still a good thing...


Attachment: pgprRDbWE9me1.pgp
Description: PGP signature

Reply to: